Authentication Methods

ACLs can optionally specify the authentication method the server
must use when processing the ACL. There are three general methods:

Basic (default)

Digest

SSL

Basic and digest require users to enter a username and password
before accessing a resource.

SSL requires the user to have a client certificate. The web
server must have encryption turned on, and the user’s certificate
issuer must be in the list of trusted CAs to be authenticated.

By default, the server uses the Basic method for any ACL that
doesn’t specify a method. Your server’s authentication
database must be able to handle digest authentication sent by a user.

Each authenticate line must specify what attribute (users, groups,
or both users and groups) the server authenticate. The following authentication
statement, which would appear after the ACL type line, specifies basic
authentication with users matched to individual users in the database
or directory:

authenticate (user) { method = “basic”;
};

The following example uses SSL as the authentication method
for users and groups:

authenticate (user, group) { method = “ssl”;
};

The following example allows any user whose username begins
with the letters sales:

authenticate (user)

allow (all)

user = sales*

If the last line was changed to group = sales,
then the ACL would fail because the group attribute is not authenticated.